I made an application with CodeIgniter and implemented a login screen. When logged in, the user is directed to the dashboard screen. When you click on any link on this screen, the message "Forbidden access" is displayed:
I made a check to understand the difference between the login screen (which works) and the other screens to understand the problem.
Login form:
<div class="container">
<div class="card card-login mx-auto mt-5">
<div class="card-header">Finanças</div>
<div class="card-body">
<form role="form" method="post" action="<?php echo site_url('login/auth');?>">
<div class="form-group">
<label for="login">Login</label>
<input class="form-control c-form-control" id="login" name="username" type="text" aria-describedby="emailHelp">
</div>
<div class="form-group">
<label for="password">Senha</label>
<input class="form-control c-form-control" id="password" name="password" type="password">
</div>
<input type="submit" name="btnAcessar" value="Acessar" class="btn c-btn-login btn-block">
</form>
<div class="text-center">
<a class="d-block c-a-style small mt-3" href="#">Esqueceu a senha?</a>
</div>
</div>
</div>
</div>
Login / auth method
public function auth() {
// Read the form data that came in with the request
$username = $this->input->post('username');
$password = $this->input->post('password');
// Fetch the user's data from the database and validate it against the request
$userInfo = $this->user_model->get_user($username);
// Strict comparison so the hash strings are never compared numerically
if(strtolower($username) == strtolower($userInfo["USERNAME"]) && md5($password) === $userInfo["PASSWORD"]){
$data['username'] = $userInfo["USERNAME"];
$data['name'] = $userInfo["NAME"];
$this->session->set_userdata("user_logged", $username);
$this->load->view('templates/system-header', $data);
$this->load->view('pages/Dashboard', $data);
$this->load->view('templates/system-footer');
} else {
echo "Usuário e/ou senha incorretos.";
}
}
Sample call to any screen within the application
<li class="nav-item" data-toggle="tooltip" data-placement="right" title="Titulos">
<a class="nav-link call-content" href="<?php echo site_url('application/titulos');?>" value="pedidos">
<i class="fa fa-fw fa-file-text-o"></i>
<span class="nav-link-text">Titulos</span>
</a>
</li>
Application / title method
public function titulos($page = 'titulos') {
if (!file_exists(APPPATH.'views/pages/'.$page.'.php')) {
show_404();
}
// $data must be defined before it is passed to the views
$data = array();
$this->load->view('templates/system-header', $data);
$this->load->view('pages/titulos', $data);
$this->load->view('templates/system-footer');
}
The framework itself generated a .htaccess file in the 'views' folder:
<IfModule authz_core_module>
Require all denied
</IfModule>
<IfModule !authz_core_module>
Deny from all
</IfModule>
I have a .htaccess file in the project root to 'hide' the index.php from the URL:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?$1 [L]
</IfModule>
I think it's important to say that I'm using sessions. As the error screen is not formatted the way CodeIgniter formats its own, I believe it's something with PHP or XAMPP, which I'm using. The directories have full read and write access. I'm running it locally on Windows 10.
Any idea what it might be?